Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4801

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4801
Last Modified 18 Aug 2013 02:24:00
Published 13 Dec 2011 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4801

Summary

SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Vulnerable Systems

Application

  • Authenex Strong Authentication System Server 3.1.0.2

  • Authenex Strong Authentication System Server 3.1.0.3


References

CONFIRM - https://support.authenex.com/index.php?/Knowledgebase/Article/View/124/0/asas3103update2

MISC - http://www.foregroundsecurity.com/security-advisories/101-authenex-a-keyasas-web-management-control-3102-time-based-sql-injection

EXPLOIT-DB - 18117


Last Updated: 27 May 2016 10:57:16